




Schaumburg, IL, USA (29 May 2018) — As smart cities integrate connected technologies to operate more efficiently and improve the quality of city services, new vulnerabilities arise that require diligent governance of municipal technology. New ISACA research on smart cities reveals several key areas of consideration when it comes to the security of these cities and the critical infrastructure systems they depend upon.

Global survey respondents flag the energy sector to be the critical infrastructure system most susceptible to cyberattacks (71%), followed by communications (70%) and financial services (64%). Interestingly enough, energy and communications also are among the top three critical infrastructure sectors that respondents anticipate can benefit the most from smart cities, along with transportation.

The research shows that malware/ransomware and denial of service are the two most concerning types of smart infrastructure attacks. Additionally, respondents noted that cities’ smart infrastructure is most likely to be targeted by nation-states (67%) and hacktivists (63%).

Despite the many threats to which cities are specifically vulnerable, only 15% of respondents consider cities to be most equipped to contend with smart infrastructure cyber attacks, compared to 55% who think the national government would be better suited to deal with the threats.

“Before our cities can be identified as being ‘smart,’ we must first and foremost transfer this smart attitude to the way we approach and govern the rollout of new technology and systems,” said Robert E Stroud, CGEIT, CRISC, past ISACA board chair and chief product officer at XebiaLabs. “Our urban centers have many potentially attractive targets for those with ill intent, so it is critical that cities make the needed investments in well-trained security professionals and in modernizing their information and technology infrastructure.”

The majority of respondents consider implementing new tools and techniques such as smart grids and artificial intelligence for cybersecurity to be important, but less than half of respondents consider those likely to be implemented in the next five years.

The need for more effective communication with residents living in a developing smart city also is apparent, as 3 in 4 respondents indicate that municipal governments have not educated residents well about the benefits of living in smart cities. Tapping into smart technology to modernize parking, ID systems and other city services can create efficiencies and lessen congestion.

ISACA’s research polled around 2,000 global respondents in February and March 2018. More information on the research and related resources can be found at





Source: ISACA








For the fourth year in a row, ISACA has surveyed security leaders worldwide to determine their insights and experiences with key cybersecurity issues, ranging from workforce challenges and opportunities to the emerging threat landscape.

Part 1 of the report is now available and provides key insights into the current trends in the threat landscape. Among the findings:

  • Overall results confirm that cybersecurity remains dynamic and turbulent as the field continues to mature
  • Skill challenges remain but are better understood
  • Gender disparity is present but can be mitigated
  • It is predicted that budgets will increase at a higher rate than last year: 64% of respondents indicate that their security budgets will expand
  • Confidence in preparedness is increasing but organizational alignment is inconsistent

Download your FREE copy of the White Paper – State of Cybersecurity 2018, Part 1 to see how your experience compares to the findings.


Source: CSX







Nashville, TN, USA (31 May 2018) — The quickening speed of technological innovation demands a new way of responding to potential risks. How to innovate strategy and focus on where governance and risk management align for enterprise impact will be the focus of the upcoming 2018 Governance, Risk and Control (GRC) Conference, jointly presented by The Institute of Internal Auditors (IIA) and ISACA.

The conference, scheduled for 13-15 August 2018 at the Omni Hotel in Nashville, is expected to bring together more than 600 governance, risk, and control professionals from more than 40 countries to discuss challenges, forge solutions, and define the future of GRC globally. Cyber risks and digital transformation will be key themes throughout the sessions and workshops.

“As organizations adopt new technologies and undergo digital transformation, their governance, risk and compliance capabilities are more critical than ever,” said Rob Clyde, CISM, incoming board chair of ISACA and board director for Titus. “The investment in their leadership and staff is just as important as the investment in technology.” Clyde will keynote a timely presentation on “Governance in These Digitally Shifting Times.”

The conference will open with an address by Luke Williams, a professor of marketing at New York University’s Stern School of Business, who will present, “Disruptive Thinking: How to Prepare for What’s Coming Next.” Another keynote speaker will be Paul Sobel, CIA, QIAL, CRMA, the new chair of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Sobel, who is also vice president and chief audit executive at Georgia-Pacific, LLC, will discuss “COSO ERM: Integrating with Strategy and Performance.”

“As the business world continues to evolve at an increasingly astounding rate, it is evermore imperative that professionals working in risk, compliance and governance have the tools, direction and insight to stay ahead of the game,” said IIA North American Board Chair Karen Brady, CIA, CRMA. “This conference will provide the information needed to advance organizations to the next level and arm them with knowledge and advice for the future of GRC.”

GRC conference sessions will be grouped into the following four hot-topic tracks:

  • Cyber (Security, Resilience, Mitigation)
    • Measuring and Improving Your Security Effectiveness
    • Advancing IT Audit’s Capabilities to Conduct Cybersecurity Audits
    • Auditing Mobile Device Management
  • Governance, Risk and Compliance
    • Digital Transformation: Is Internal Audit Ready?
    • Auditing Third-Party Business Partners for Fraud and Corruption Across the Globe
    • Agile and Compliance
  • Leadership, Career and Communication Development
    • Using Diversity as a Strategic Advantage
    • Storytelling: Improving the Audit Process to Communicate Better
    • The Psychology of Successful Internal Auditing: Navigating Stakeholder Relationships for Optimal Business and Career Results
  • Deep Dive Learning Labs
    • Auditing the Cloud: A Practical Approach
    • Building and Maintaining a Sustainable ERM Framework
    • The Keys to the Kingdom: Access Controls and Ways to Improve

Terry Grafenstine, CISA, CGEIT, CRISC, CPA, CISSP, CIA, CGMA, CGAP, board chair of ISACA and managing director at Deloitte & Touche, LLP, will highlight recent ISACA research and encourage attendees to nurture innovation as part of her discussion on “Governance in the Age of Cyber.”

The event will also feature two pre-conference workshops: “COBIT NIST Cybersecurity Framework,” focusing on its goals, implementation steps and how to apply this information; and “Auditing Technology Disruptors,” where attendees will exchange strategies and tools for leveraging disruptive technologies as audit tools to foster positive outcomes.

“This conference will help attendees gain insights into improved audit efficiency, learn real-life approaches to cyberattack mitigation, understand the impact of new technologies like AI, and build their communication skills to deliver the right messages to their stakeholders and boards,” Clyde said.

Attendees can earn up to 18 hours of continuing professional education (CPE) credits for attending the conference, and an additional 7.5 CPEs for attending one of the pre-conference workshops.

For more information about the GRC Conference, visit The IIA or ISACA.





Source: ISACA







Schaumburg, IL, USA (5 June 2018) — 2017 was widely billed as the year of ransomware, but cyberthreats have moved in a new direction this year, according to ISACA’s State of Cybersecurity 2018 research.

Results show that 50 percent of the 2,366 security leaders surveyed have seen an increase in cyberattack volumes relative to last year. In addition, 80 percent of respondents said they are likely or very likely to be attacked this year—a statistic that remains unchanged from last year’s study.

But despite an increase in cyberattacks generally, ransomware attacks are significantly declining. Last year, 62 percent of respondents experienced a ransomware attack, compared to 45 percent this year—a 17-point drop. This is likely because organizations are significantly better prepared after last year’s WannaCry and NotPetya attacks. Eighty-two percent of respondents said that their enterprises now have ransomware strategies in place and 78 percent said they have a formal process—up 25 points from last year.

While these findings are positive, the data show that ransomware attacks may have been displaced by cryptocurrency mining, which is becoming more frequent. Cryptocurrency mining malware can operate without direct access to the file system, making it harder to detect—and as the prices of cryptocurrencies increase, the economics of cryptocurrency mining malware becomes better for the attacker.

Additionally, the three most common attack vectors remain unchanged from last year: phishing, malware and social engineering.

Active Defense Strategies Are Highly Effective, But Underutilized 
ISACA’s research also found that nearly 4 out of 10 respondents (39 percent) are not at all familiar or only slightly familiar with active defense strategies (e.g., honeypots and sinkholes). Of those who are familiar with active defense strategies, just over half are actually using them.

“This is a missed opportunity for security leaders and their organizations,” said Frank Downs, director of cybersecurity at ISACA. “ISACA’s research indicates that active defense strategies are one of the most effective countermeasures to cyberattacks. A full 87 percent of those who use them indicate that they were successful.”

The ISACA report suggests enterprises must be better prepared with focused attention on several areas, including:

  • Investing in talent—With attacks still on the rise, enterprises must continue to invest in finding, retaining and training skilled cyber security professionals.
  • Exploring further automation benefits—Enterprises should consider automation-driven strategies and tools for detection and to support recovery and response efforts.
  • Ensuring appropriate investment in security controls—With attack vectors (phishing, malware and social engineering) minimally changing, existing control types are still valid and useful. Enterprise investment and attention to security controls should increase in line with the frequency of these attack vectors.

Parts 1 and 2 of ISACA’s State of Cybersecurity Study can be downloaded free of charge at





Source: ISACA
